nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Revolutionizing the Visual Design of Capture the Flag (CTF) Competitions

verfasst von : Rukman Senanayake, Phillip Porras, Jason Kaehler

Erschienen in: HCI for Cybersecurity, Privacy and Trust

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

There are a variety of cyber-security challenge tournaments held within the INFOSEC and Hacker communities, which among their benefits help to promote and identify emerging talent. Unfortunately, most of these competitions are rather narrow in reach, being of interest primarily to those enthusiasts who are already well versed in cyber security. To attract a broader pool of younger generation participants requires one to make such events more engaging and intellectually accessible. The way these tournaments are currently conducted and presented to live audiences is rather opaque, if not unintelligible to most who encounter them. This paper presents an ongoing effort to bridge the presentation gap necessary to make cyber security competitions more attractive and accessible to a broader audience. We present the design of a new but familiar model for capturing the interplay, individual achievements, and tactical drama that transpires during one form of cyber security competition. The main user interface and presentation paradigm in this research borrows from those of established e-sports, such as League of Legends and Overwatch. Our motivation is to elevate the current format of cyber security competition events to incorporate design and presentation elements that are informed by techniques that have evolved within the e-sports community. We apply the physics models and battlefield visualizations of virtual world gaming environments in a manner that captures the intellectual challenges, team achievements, and tactical gameplay that occur in a popular form of cyber security tournament, called the Capture The Flag (CTF) competition. Our goal is to make these events intellectually accessible to broader audiences, to engage a broader and more diverse talent pool of competitors, and to increase the awareness and interest in cyber security among the general public.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Informing Hybrid System Design in Cyber Security Incident Response

Nächstes Kapitel Reciprocities or Incentives? Understanding Privacy Intrusion Perspectives and Sharing Behaviors

Tobey, D.H., Pusey, P., Burley, D.L.: Engaging learners in cybersecurity careers: lessons from the launch of the national cyber league. In: ACM Inroads, New York, NY, USA, March 2014CrossRef

Vigna, G., et al.: Ten years of iCTF: the good, the bad, and the ugly. In: Proceedings of the USENIX Summit on Gaming, Games and Gamification in Security Education (3GSE), San Diego, CA, August 2014

Cheung, R.S., Cohen, J.P., Lo, H.Z., Elia, F., Carrillo-Marque, V.: Effectiveness of Cybersecurity Competitions (2012). https://www.josephpcohen.com/papers/seccomp.pdf

Namin, A.S., Aguirre-Muñoz, Z., Jones, K.S.: Teaching cyber security through competition: an experience report about a participatory training workshop. In: Proceedings of the 7th Annual International Conference on Computer Science Education: Innovation and Technology (CSEIT) (2016)

DARPA: Welcome to DARPA’s Cyber Grand Challenge – full playlist, July 2016. https://www.youtube.com/watch?v=g5Kt2ayMN0&list=PL6wMum5UsYvZx2x9QGhDY8j3FcQUH7uY0

The European Cyber Security Agency: European Cyber Security Challenge. Home page for the EU 2019 CTF Competition. January 2019. https://www.europeancybersecuritychallenge.eu/

EY.COM: The Asia-Pacific Cyber Case Challenge, January 2019. https://www.ey.com/cn/en/careers/ey-asia-pacific-cyber-challenge

DEFCON: DEFCON 2018 Capture The Flag (CTF) Competition, January 2018. https://www.defcon.org/html/defcon-26/dc-26-ctf.html

CTF Time: CTFS, January 2019. https://ctftime.org/ctfs

10.

Bao, T., Shoshitaishvili, Y., Wang, R., Kruegel, C. Vigna, G., Brumley, D.: How shall we play a game?: a game-theoretical model for cyber-warfare games. In: Proceedings of the 30th IEEE Computer Security Foundations Symposium, CSF 2017, Santa Barbara, CA, 21–25 August 2017

11.

Epic Games: What is the Unreal Engine 4, January 2019. https://www.unrealengine.com/en-US/what-is-unreal-engine-4

12.

Samurai CTF Team: We are Samurai CTF and we won Defcon CTF this year (2013). http://www.reddit.com/r/netsec/comments/y0nnu/we_are_samurai_ctf_and_we_won_defcon_ctf_this/c5r9osm

13.

Fortinet: Ph0wn: A CTF Dedicated to Smart Devices, November 2018. https://www.fortinet.com/blog/threat-research/ph0wn-a-ctf-cedicated-to-smart-devices.html

14.

Boopathi, K., Sreejith, S., Bithin, A.: Learning cyber security through gamification. Indian J. Sci. Technol. 8, 642–649 (2015)CrossRef

15.

Fink, G., Best, D., Manz, D., Popovsky, V., Endicott-Popovsky, B.: Gamification for measuring cyber security situational awareness. In: Schmorrow, Dylan D., Fidopiastis, Cali M. (eds.) AC 2013. LNCS (LNAI), vol. 8027, pp. 656–665. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39454-6_70CrossRef

16.

McDaniel, L., Talvi, E., Hay, B.: Capture the flag as cyber security introduction. In: Proceedings of the 49th Hawaii International Conference on System Sciences (HICSS). IEEE (2016)

17.

Dabrowski, A., Kammerstetter, M., Thamm, E., Weippl, E., Kastner, W.: Leveraging competitive gamification for sustainable fun and profit in security education. In: USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 15) (2015)

18.

Adams, M., Makramalla, M.: Cybersecurity skills training: an attacker-centric gamified approach. Technol. Innov. Manag. Rev. 5(1) (2015)CrossRef

19.

Nakaya, M., Akagi, S., Tominaga, H.: Implementation and trial practices for hacking competition CTF as introductory educational experience for information literacy and security learning. In: Proceedings of ICIA (2016)

20.

Chapman, P., Burket, J., Brumley, D.: PicoCTF: a game-based computer security competition for high school students. In: 3GSE, August 2014

21.

Dasgupta, D., Ferebee,D.M., Michalewicz, Z.: Applying Puzzle-based learning to cyber-security education. In: Proceedings of the 2013 on InfoSecCD 2013: Information Security Curriculum Development Conference, p. 20. ACM, October 2013

22.

Gavas, E., Memon, N., Britton, D.: Winning cybersecurity one challenge at a time. IEEE Secur. Priv. 10(4), 75–79 (2012)CrossRef

23.

Chung, K., Cohen, J.: Learning obstacles in the capture the flag model. In: 3GSE, August 2014

24.

Vigna, G., et al.: Ten years of iCTF: The good, the bad, and the ugly. In: 3GSE, August 2014

25.

Chothia, T., Novakovic, C.: An offline capture the flag-style virtual machine and an assessment of its value for cybersecurity education. In: USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 15) (2015)

26.

Nunes, E., Kulkarni, N., Shakarian, P., Ruef, A., Little, J.: Cyber-deception and attribution in capture-the-flag exercises. In: Jajodia, S., Subrahmanian, V.S.S., Swarup, V., Wang, C. (eds.) Cyber Deception, pp. 151–167. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-32699-3_7CrossRef

27.

Ford, V., Siraj, A., Haynes, A., Brown, E.: Capture the flag unplugged: an offline cyber competition. In: Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science Education, pp. 225–230. ACM, March 2017

28.

Song, J., Alves-Foss, J.: The DARPA cyber grand challenge: a competitor’s perspective. Proc. IEEE Secur. Priv. 13(6), 72–76 (2015)CrossRef

29.

Song, J., Alves-Foss, J.: The DARPA cyber grand challenge: a competitor. In: Proc. IEEE Secur. Priv. (1) (2016)

30.

Walker, M.: Machine vs. machine: lessons from the first year of cyber grand challenge. In: Proceedings of the 24th USENIX Security Symposium (2015)

31.

Kali.Org: Kali Distribution Page - Our Most Advanced Penetration Testing Distribution, Ever, January 2019. https://www.kali.org

32.

SRI International: SRIFlow Distribution Page – Network Flow Auditing for Security and Visualization, January 2019. http://sriflow.csl.sri.com

Titel: Revolutionizing the Visual Design of Capture the Flag (CTF) Competitions
verfasst von: Rukman Senanayake
Phillip Porras
Jason Kaehler
Verlag: Springer International Publishing
Buch: HCI for Cybersecurity, Privacy and Trust
Print ISBN: 978-3-030-22350-2

Electronic ISBN: 978-3-030-22351-9

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-22351-9_23

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Die Gewinner und Laudatoren des Sustainability Award in Automotive 2024/© Uli Regenscheit | ATZlive, Search Icon, Banner Hanser, Suresh Vittal/© Alteryx, Additiv gefertigte Teile/© Marina_Skoropadskaya | Getty Images | iStock, Warnschild "Land unter"/© Bluedesign / Fotolia, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade, chassis.tech plus 2023/© [M] ATZlive / TÜV SÜD PRODUCT SERVICE GMBH, adäsion-Webinar-Matinee/© krystiannawrocki_ Getty Images

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.